LEFT FOR DEAD — “Senate Democrats and Republicans can agree on perhaps just one thing about special counsel Robert Mueller’s investigation — that Russia interfered in the 2016 election,” POLITICO’s Marianne LeVine reports, with an assist from Tim. “But bipartisan legislation to address foreign intrusions is all but dead amid a distinct lack of enthusiasm from Senate GOP leadership and the Trump White House.” The Secure Elections Act sponsors aren’t giving up on the bill, though. Read more here.

PRIVACY PLEASE — NIST on Wednesday released a draft version of a Privacy Framework that’s modeled on its popular Cybersecurity Framework, explains the concept of privacy risk management and offers advice for how businesses can protect sensitive data. The agency asked for public comments and said it was particularly interested in how valuable the framework, as structured, would be to companies that want to build robust privacy programs. It’s also seeking feedback on “whether the Privacy Framework could be effectively implemented independently or in conjunction with the Cybersecurity Framework.” Although the framework deals with issues beyond security, it incorporates security considerations and explains how privacy and security overlap.

The “broad and shifting nature of privacy makes it difficult to communicate clearly about privacy risks within and between organizations and with individuals,” the framework’s introduction says. “What has been missing is a shared lexicon and practical structure that is flexible enough to address diverse privacy needs.”

SATELLITE OF CYBER, SATELLITE OF CYBER — Christopher Scolese, the Trump administration’s pick to lead the National Reconnaissance Office, said Wednesday he would examine the agency’s digital capabilities in protecting sensitive or classified information. “While I'm not fully briefed on the capabilities of the NRO, I do know that it's a national interest,” Scolese, currently the director of NASA's Goddard Space Flight Center, told the Senate Intelligence Committee. “It's something that NASA faces each and every day and we work to make sure that our systems are secure.”

“I recognize that it's an ever-changing environment and we're going to have to adapt and constantly improve our cybersecurity techniques, as well as working our physical security for our systems,” he added. Scolese stressed the importance of cyber defenses to protect intellectual property that is “absolutely critical” to national defense. “It's a complicated balancing of capabilities but something that I'm fully committed to and something that I've had a lot of experience with at NASA,” Scolese said. He pledged to inform lawmakers if, or when, data breaches occur at the NRO, one of the intelligence community's most secretive agencies.

‘WIDE OPEN FOR THE TAKING’ — Sen. Joe Manchin on Wednesday urged the Pentagon during a Senate hearing to consider penalizing prime contractors that don’t ensure their suppliers have adequate cybersecurity controls to minimize the pilfering of sensitive military technologies. “The biggest problem we have seen as we go down the food chain is procurement,” the West Virginia Democrat told Ellen Lord, the undersecretary of defense for acquisition and sustainment. “It seems to be wide open for the taking.”

“We have a fundamental issue that we have missed cybersecurity standards, which are very hard to interpret if you are a contractor,” Lord said before the Senate Armed Services Committee’s Strategic Forces panel, adding that “by the end of this year we will have a national cybersecurity standard just like we have [International Organization of Standardization] standards for quality.”

“You believe the primes should be held responsible and held accountable?” Manchin asked. “Absolutely,” she responded. “Therein lies the problem. Typically primes are pretty good [and] maybe the next level down. They lose sight. … We have never said clearly what is acceptable, what is unacceptable. So we’ll start at contract award.” Manchin, however, seemed unconvinced that will be enough: “If there are not financial penalties for the primes this will never work.”

CYBER BILLS ON THE MOVE — The House Small Business Committee swiftly approved by voice vote three cybersecurity measures on Wednesday. The first, H.R. 1649, offered by top panel Republican Steve Chabot, would require the Small Business Administration to create a cyber counseling certification program so employees of small business development centers can offer “cyber planning assistance to small business concerns.” The second, H.R. 1648, also sponsored by Chabot, would establish small business cybersecurity assistance units and create tools for small businesses to share cyber threat information.

“Small businesses are becoming increasingly popular targets for cyber criminals,” Chabot said. The third measure, H.R. 2331, would require the SBA administrator to submit an annual report that would include an information technology assessment and a strategy to shore up cybersecurity infrastructure. “Forty-seven percent of small businesses have suffered a cyberattack in the last 12 months,” said bill sponsor Jason Crow during the markup, arguing for the need to ensure every arm in the federal government is guarded, including the SBA. All three measures are now ready for House consideration.

WILL SENATE BUNDLE DATA PRIVACY, SECURITY? — From our friends at Morning Tech: Senate Commerce ranking member Maria Cantwell talked Wednesday about legislating data privacy and data security at the same time, but lawmakers across the political spectrum warned that tackling both issues in one bill could be too tall a task.

“We need to have the opportunity to craft solutions that address security and privacy for the entire lifecycle of our data and collection to storage and to processing,” Cantwell said at a Senate Commerce hearing. She later declined to say whether she thought data security needed to go into a privacy bill, but said addressing those concerns “needs to be done.” She added: “I think there’s a panoply of issues here and we’ll just have to see what we can get people to be willing to take up if they’re serious about these concerns.”

Sen. Brian Schatz, one of several members of the panel involved in privacy negotiations, said Cantwell made a “good point” by arguing that “data privacy exists on the spectrum which would include data security.” But he also cautioned against getting “so ambitious that the whole thing falls apart.” Asked whether the issue has come up as part of talks in the Senate working group on privacy, Schatz replied: “Everything is a part of talks.” Sen. Jerry Moran echoed Schatz’s view. “I would guess, just as a practical matter, expanding this makes it more difficult, not easier,” he told reporters.

California’s attorney general said weakening the state’s privacy law would be a “hostile attack on consumers.” … WikiLeaks founder Julian Assange got a 50-week sentence in the U.K. for a bail breach. … U.K. Prime Minister Theresa May fired her defense secretary over a leak about Huawei. … May said she’d rely on technical advice on a decision about allowing Huawei’s involvement in the 5G rollout.

— Almost half of U.S. businesses, 44 percent, take a month or more to remove former employees’ access to their systems, according to a study out today from OneLogin.

About the Author: Tim Starks
